Em Tue, Apr 16, 2019 at 06:01:24PM +0200, Jiri Olsa escreveu:
> By calling maps__insert we assume to get 2 references
> on the map, which we relese within maps__remove call.
>
> However if there's already same map name, we currently
> don't bump the reference and can crash, like:
>
> Program received signal SIGABRT, Aborted.
> 0x00007ffff75e60f5 in raise () from /lib64/libc.so.6
>
> (gdb) bt
> #0 0x00007ffff75e60f5 in raise () from /lib64/libc.so.6
> #1 0x00007ffff75d0895 in abort () from /lib64/libc.so.6
> #2 0x00007ffff75d0769 in __assert_fail_base.cold () from /lib64/libc.so.6
> #3 0x00007ffff75de596 in __assert_fail () from /lib64/libc.so.6
> #4 0x00000000004fc006 in refcount_sub_and_test (i=1, r=0x1224e88) at
> tools/include/linux/refcount.h:131
> #5 refcount_dec_and_test (r=0x1224e88) at
> tools/include/linux/refcount.h:148
> #6 map__put (map=0x1224df0) at util/map.c:299
> #7 0x00000000004fdb95 in __maps__remove (map=0x1224df0, maps=0xb17d80) at
> util/map.c:953
> #8 maps__remove (maps=0xb17d80, map=0x1224df0) at util/map.c:959
> #9 0x00000000004f7d8a in map_groups__remove (map=<optimized out>,
> mg=<optimized out>) at util/map_groups.h:65
> #10 machine__process_ksymbol_unregister (sample=<optimized out>,
> event=0x7ffff7279670, machine=<optimized out>) at util/machine.c:728
> #11 machine__process_ksymbol (machine=<optimized out>,
> event=0x7ffff7279670, sample=<optimized out>) at util/machine.c:741
> #12 0x00000000004fffbb in perf_session__deliver_event (session=0xb11390,
> event=0x7ffff7279670, tool=0x7fffffffc7b0, file_offset=13936) at
> util/session.c:1362
> #13 0x00000000005039bb in do_flush (show_progress=false, oe=0xb17e80) at
> util/ordered-events.c:243
> #14 __ordered_events__flush (oe=0xb17e80, how=OE_FLUSH__ROUND,
> timestamp=<optimized out>) at util/ordered-events.c:322
> #15 0x00000000005005e4 in perf_session__process_user_event
> (session=session@entry=0xb11390, event=event@entry=0x7ffff72a4af8,
> ...
>
> Adding the map on the list and getting the reference event
> if we find the map with same name.
Added:
Fixes: 1e6285699b30 ("perf symbols: Fix slowness due to -ffunction-section")
Ccing Eric Saint-Etienne <eric.saint.etie...@oracle.com>, the author of
the patch that introduced that function.
And applied to perf/urgent
> Cc: Song Liu <songliubrav...@fb.com>
> Link: http://lkml.kernel.org/n/tip-38t1ihcy32lvu4xfpm0p7...@git.kernel.org
> Signed-off-by: Jiri Olsa <jo...@kernel.org>
> ---
> tools/perf/util/map.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
> index 28d484ef74ae..ee71efb9db62 100644
> --- a/tools/perf/util/map.c
> +++ b/tools/perf/util/map.c
> @@ -926,10 +926,8 @@ static void __maps__insert_name(struct maps *maps,
> struct map *map)
> rc = strcmp(m->dso->short_name, map->dso->short_name);
> if (rc < 0)
> p = &(*p)->rb_left;
> - else if (rc > 0)
> - p = &(*p)->rb_right;
> else
> - return;
> + p = &(*p)->rb_right;
> }
> rb_link_node(&map->rb_node_name, parent, p);
> rb_insert_color(&map->rb_node_name, &maps->names);
> --
> 2.17.2
--
- Arnaldo
